use DHUK to wrap/unwrap seed value used for token

JacobBarthelmeh · JacobBarthelmeh · commit 760bae8c309a · 2026-02-09T16:53:46.000-07:00
diff --git a/src/internal.c b/src/internal.c
@@ -5150,6 +5150,117 @@ static void wp11_Token_Final(WP11_Token* token)
 static int HashPIN(char* pin, int pinLen, byte* seed, int seedLen, byte* hash,
                    int hashLen, WP11_Slot* slot);
 
+#ifdef WOLFSSL_STM32U5_DHUK
+/* DHUK seed storage: IV (16) + AES-CBC ciphertext of seed (16).
+ * Uses AES-CBC with DHUK so the decrypted seed is placed in token->seed
+ * for use by AES-GCM and other operations. */
+#define WP11_SEED_DHUK_IV_SZ  16
+#define WP11_SEED_WRAPPED_SZ  (WP11_SEED_DHUK_IV_SZ + PIN_SEED_SZ)
+
+#if defined(HAVE_AES_CBC)
+/* Dummy key for wc_AesSetKey when using DHUK; hardware uses DHUK. */
+static const byte wp11_dhuk_dummy_key[32] = {0};
+
+static int wp11_token_write_seed_dhuk(void* storage, WP11_Token* token)
+{
+    int ret;
+    Aes aes;
+    byte iv[WP11_SEED_DHUK_IV_SZ];
+    byte wrappedSeed[PIN_SEED_SZ];
+
+    WP11_Lock_LockRW(&token->rngLock);
+    ret = wc_RNG_GenerateBlock(&token->rng, iv, sizeof(iv));
+    WP11_Lock_UnlockRW(&token->rngLock);
+    if (ret != 0)
+        return ret;
+
+    ret = wc_AesInit(&aes, NULL, WOLFSSL_STM32U5_DHUK_DEVID);
+    if (ret != 0)
+        return ret;
+    ret = wc_AesSetKey(&aes, wp11_dhuk_dummy_key, sizeof(wp11_dhuk_dummy_key),
+                       iv, AES_ENCRYPTION);
+    if (ret != 0) {
+        wc_AesFree(&aes);
+        return ret;
+    }
+    ret = wc_AesCbcEncrypt(&aes, wrappedSeed, (const byte*)token->seed,
+                            (word32)PIN_SEED_SZ);
+    wc_AesFree(&aes);
+    if (ret != 0)
+        return ret;
+
+    ret = wp11_storage_write_word32(storage, WP11_SEED_WRAPPED_SZ);
+    if (ret == 0)
+        ret = wp11_storage_write_fixed_array(storage, iv, WP11_SEED_DHUK_IV_SZ);
+    if (ret == 0)
+        ret = wp11_storage_write(storage, wrappedSeed, (int)WP11_SEED_WRAPPED_SZ);
+    return ret;
+}
+
+static int wp11_token_read_seed_dhuk(void* storage, WP11_Token* token)
+{
+    int ret;
+    Aes aes;
+    byte iv[WP11_SEED_DHUK_IV_SZ];
+    word32 wrappedLen;
+    byte wrappedSeed[PIN_SEED_SZ];
+
+    ret = wp11_storage_read_word32(storage, &wrappedLen);
+    if (ret != 0)
+        return ret;
+    if (wrappedLen != WP11_SEED_WRAPPED_SZ)
+        return BUFFER_E;
+    ret = wp11_storage_read_fixed_array(storage, iv, WP11_SEED_DHUK_IV_SZ);
+    if (ret != 0)
+        return ret;
+    ret = wp11_storage_read(storage, wrappedSeed, PIN_SEED_SZ);
+    if (ret != 0)
+        return ret;
+
+    ret = wc_AesInit(&aes, NULL, WOLFSSL_STM32U5_DHUK_DEVID);
+    if (ret != 0)
+        return ret;
+    ret = wc_AesSetKey(&aes, wp11_dhuk_dummy_key, sizeof(wp11_dhuk_dummy_key),
+                       iv, AES_DECRYPTION);
+    if (ret != 0) {
+        wc_AesFree(&aes);
+        return ret;
+    }
+    ret = wc_AesCbcDecrypt(&aes, token->seed, wrappedSeed, PIN_SEED_SZ);
+    wc_AesFree(&aes);
+    return ret;
+}
+#else /* !HAVE_AES_CBC */
+#error WOLFSSL_STM32U5_DHUK token seed storage requires HAVE_AES_CBC
+#endif /* HAVE_AES_CBC */
+#endif /* WOLFSSL_STM32U5_DHUK */
+
+/**
+ * Read token seed from storage.
+ */
+static int wp11_token_read_seed(void* storage, WP11_Token* token)
+{
+#ifdef WOLFSSL_STM32U5_DHUK
+    return wp11_token_read_seed_dhuk(storage, token);
+#else
+    return wp11_storage_read_fixed_array(storage, token->seed,
+                                         sizeof(token->seed));
+#endif
+}
+
+/**
+ * Write token seed to storage.
+ */
+static int wp11_token_write_seed(void* storage, WP11_Token* token)
+{
+#ifdef WOLFSSL_STM32U5_DHUK
+    return wp11_token_write_seed_dhuk(storage, token);
+#else
+    return wp11_storage_write_fixed_array(storage, token->seed,
+                                          sizeof(token->seed));
+#endif
+}
+
 /**
  * Load a token from storage.
  *
@@ -5225,9 +5336,8 @@ static int wp11_Token_Load(WP11_Slot* slot, int tokenId, WP11_Token* token)
             ret = wp11_storage_read_time(storage, &token->userFailLoginTimeout);
         }
         if (ret == 0) {
-            /* Read seed used to calculate key. (16) */
-            ret = wp11_storage_read_fixed_array(storage, token->seed,
-                                                sizeof(token->seed));
+            /* Read seed used to calculate key. */
+            ret = wp11_token_read_seed(storage, token);
         }
         if (ret == 0) {
             /* Read count of object on token. (4) */
@@ -5426,9 +5536,8 @@ static int wp11_Token_Store(WP11_Token* token, int tokenId)
             ret = wp11_storage_write_time(storage, token->userFailLoginTimeout);
         }
         if (ret == 0) {
-            /* Write seed used to calculate key. (16) */
-            ret = wp11_storage_write_fixed_array(storage, token->seed,
-                                                 sizeof(token->seed));
+            /* Write seed used to calculate key. */
+            ret = wp11_token_write_seed(storage, token);
         }
 
         if (ret == 0) {
@@ -6304,6 +6413,7 @@ int WP11_Slot_UserLogin(WP11_Slot* slot, char* pin, int pinLen)
     if (ret == 0) {
         ret = WP11_Slot_CheckUserPin(slot, pin, pinLen);
     #ifndef WOLFPKCS11_NO_STORE
+        /* Re-create token->key from PIN + token->seed (HashPIN) on load. */
         if (ret == 0) {
             ret = HashPIN(pin, pinLen, token->seed, sizeof(token->seed),
                 token->key, sizeof(token->key), slot);
